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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 

application: 

LISTING OF CLAIMS: 

1 . (currently amended): A padding application method for applying a padding scheme 

that ensures the security of cryptosystems not using random numbers^ to cryptosystems in which 

a random number isused to create a ciphertext and is susceptible to recovery at the-areceiving 

end, the method comprising the steps of: 

I 

converting input information into a bit string with a prescribed length or less according to 
the padding scheme; 

converting the bit string into a first bit string and a second bit string based on a prescribed 
conversion rule; and 

supplying an encryption function with the first bit string as data input and the second bit 
| string as random number input; 

wherein the prescribed conversion rule is a map to map the bit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
the second bit strings, and satisfies the following conditions: the map is injective; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 
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2. (original): The padding application method claimed in claim 1 , wherein the 
conversion rule is a rule to divide the hit string into two parts in such a manner as to set the first 
half of the bit string as the first bit string and the second half of the bit string as the second bit 
string. 

3. (original): The padding application method claimed in claim 1 or 2, wherein the 

0 AEP + padding is employed as the padding scheme, and the NTRU cryptosystem is employed 
as the cryptosystem using random numbers. 

4. (currently amended): A padder used in a padding application method for applying a 
padding scheme that ensures the security of cryptosystems not using random numbers^ to 
cryptosystems in which a random number isused to create a ciphertext and i s susceptible to 
recovery at tha-a.receiving end, the padder comprising: 

a conversion means for converting input information into a bit string with a prescribed 
length or less according to the padding scheme; 

a bit string conversion means for converting the bit string into a first bit string and a 
second bit string based on a prescribed conversion rule; and 

an encryption means for supplying an encryption function with the first bit string as data 
input and the second bit string as random number input to create a ciphertext; 

wherein the prescribed conversion rule is a map to map the bit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
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the second bit strings, and satisfies the following conditions: the map is injective; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 

5. (original): The padder claimed in claim 4, wherein the conversion rule is a rule to 
divide the bit string into two parts in such a manner as to set the first half of the bit string as the 
first bit string and the second half of the bit string as the second bit string. 

6. (original): The padder claimed in claim 4 or 5, wherein the OAEP + padding is 
employed as the padding scheme, and the NTRU cryptosystem is employed as the cryptosystem 
using random numbers. 

7. (currently amended): An encryptor for creating a ciphertext by applying a padding 
scheme that ensures the security of cryptosystems not using random numbers* to a cryptosystem 
in which a random number isused to create a ciphertext and is susceptible to recovery at the-a 
receiving end, the encryptor comprising: 

a padding conversion means for converting an input plaintext into a bit string with a 
prescribed length or less according to the padding scheme; 

a bit string conversion means for converting the bit string into a first bit string and a 
second bit string based on a prescribed conversion rule; and 
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an encryption means for supplying an encryption function with the first bit string as data 
input and the second bit string as random number input to create a ciphertext; 

wherein the prescribed conversion rule is a map to map the hit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
the second bit strings, and satisfies the following conditions: the map is infective; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 

8. (currently amended): An encryptor for creating a ciphertext by applying a padding 
scheme that ensures the security of cryptosystems not using random numbers* to a cryptosystem 
in which a random number isused to create a ciphertext and is susceptible to recovery at a_tha 
receiving end, the encryptor comprising: 

a first encryption means for randomly selecting a private key encryption key, and 
performs private key encryption for an input plaintext using the private key encryption key to 
create a first ciphertext; 

a padding conversion means for converting the private key encryption key into a bit 
string with a prescribed length or less according to the padding scheme; 

a bit string conversion means for converting the bit string into a first bit string and a 
second bit string based on a prescribed conversion rule; 

a second encryption means for supplying an encryption function with the first bit string as 
data input and the second bit string as random number input to create a second ciphertext; and 



5 



RESPONSE TO QUAYLE ACTION 
U.S. Appln.No. 10/561,216 
Attorney Docket No.: Q92077 

a eiphertext output means for outputting the first ciphertext and the second ciphertext as a 

eiphertext; 

wherein the prescribed conversion rule is a map to map the bit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
the second bit strings, and satisfies the following conditions: the map is injective; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 

9. (original): The encryptor claimed in claim 7 or 8, wherein the conversion rule is a rule 
to divide the bit string into two parts in such a manner as to set the first half of the bit string as 
the first bit string and the second half of the bit string as the second bit string. 

1 0. (original): The encryptor claimed in claim 7 or 8 5 wherein the O AEP + padding is 
employed as the padding scheme, and the NTRU cryptosystem is employed as the cryptosystem 
using random numbers. 

1 1 . (currently amended): An encryption method for creating a ciphertext by applying a 
padding scheme that ensures the security of cryptosystems not using random numbers^ to a 
cryptosystem in which a random number is_used to create a ciphertext and is susceptible to 
recovery at thea receiving end, the method comprising the steps of: 
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converting an input plaintext into a bit string with a prescribed length or less according to 

the padding scheme; 

converting the bit string into a first bit string and a second bit string based on a prescribed 
conversion rule; and 

supplying an encryption function with the first bit string as data input and the second bit 
string as random number input to create a ciphertext; 

wherein the prescribed conversion rule is a map to map the bit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
the second bit strings, and satisfies the following conditions: the map is injeetive; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 

12. (currently amended) : An encryption method for creating a ciphertext by applying a 
padding scheme that ensures the security of cryptosystems not using random numbers* to a 
cryptosystem in which a random number isused to create a ciphertext and i s susceptible to 
recovery at athe receiving end, the method comprising the steps of: 

randomly selecting a private key encryption key; 

performing private key encryption for an input plaintext using the private key encryption 
key to create a first ciphertext; 

converting the private key encryption key into a bit string with a prescribed length or less 
according to the padding scheme; 
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converting the bit string into a first bit string and a second bit string based on a prescribed 

conversion rule; 

supplying an encryption function with the first bit string as data input and the second bit 
string as random number input to create a second ciphertext; and 

outputting the first ciphertext and the second ciphertext as a ciphertext; 

wherein the prescribed conversion rule is a map to map the bit string having a prescribed 
length or less to the element of the direct product of the set of the first bit strings and the set of 
the second bit strings, and satisfies the following conditions: the map is injective; the map and 
inverse map thereof are computable by a polynomial time; and the encryption function whose 
domain is the direct product is a one-way function. 

13. (original): The encryption method claimed in claim 1 1 or 12, wherein the conversion 
rule is a rule to divide the bit string into two parts in such a manner as to set the first half of the 
bit string as the first bit string and the second half of the bit string as the second bit string. 

14. (original): The encryption method claimed in claim 1 1 or 12, wherein the OAEP + 
padding is employed as the padding scheme, and the NTRU cryptosystem is employed as the 
cryptosystem using random numbers. 

15. (original): A decryptor for decrypting a ciphertext created by the encryptor claimed 
in claim 7, comprising: 
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a first decryption means for decrypting an input ciphertext to generate a first bit string 
according to a decryption scheme corresponding to the cryptosystem using random numbers; 

a random number recovery means for recovering a random number used for encryption as 
a second bit string; 

a bit string inversion means for inverting the first bit string and the second bit string to a 
bit string with a prescribed length or less based on the inverse of the conversion rule; 

a padding inversion means for removing padding according to the padding scheme from 
the bit string with a prescribed length or less to retrieve the original plaintext; and 

a determination means for verifying the validity of the padding, and if the padding is 
valid, outputting the plaintext. 

1 6. (original): A decryptor for decrypting a ciphertext created by the encryptor claimed 
in claim 8, comprising: 

a first decryption means for decrypting the second ciphertext to generate a first bit string 
according to a decryption scheme corresponding to the cryptosystem using random numbers; 

a random number recovery means for recovering a random number used for encryption as 
a second bit string; 

a bit string inversion means for inverting the first bit string and the second bit string to a 
bit string with a prescribed length or less based on the inverse of the conversion rule; 
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a padding inversion means for removing padding according to the padding scheme from 

the bit string with a prescribed length or less to retrieve the original private key encryption key; 

and 

a second decryption means for verifying the validity of the padding, and if the padding is 
valid, decrypting the first ciphertext using the private key encryption key. 

17, (original): A decryption method for decrypting a ciphertext created according to the 
encryption method claimed in claim 11, comprising the steps of: 

decrypting an input ciphertext to generate a first bit string according to a decryption 
scheme corresponding to the cryptosystem using random numbers; 

recovering a random number used for encryption as a second bit string; 

inverting the first bit string and the second bit string to a bit string with a prescribed 
length or less based on the inverse of the conversion rule; 

removing padding according to the padding scheme from the bit string with a prescribed 
length or less to retrieve the original plaintext; and 

verifying the validity of the padding, and if the padding is valid, outputting the plaintext. 

1 8. (original): A decryption method for decrypting a ciphertext created according to the 
encryption method claimed in claim 12, comprising the steps of: 

decrypting the second ciphertext to generate a first bit string according to a decryption 
scheme corresponding to the cryptosystem using random numbers; 
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recovering a random number used for encryption as a second bit string; 

inverting the first bit string and the second bit string to a bit string with a prescribed 
length or less based on the inverse of the conversion rule; 

removing padding according to the padding scheme from the bit string with a prescribed 
length or less to retrieve the original private key encryption key; and 

verifying the validity of the padding, and if the padding is valid, decrypting the first 
ciphertext using the private key encryption key. 

19, (currently amended): A cryptographic communication system comprising 
communication terminals that perform cryptographic communication through a communication 
network using a padding scheme that ensures the security of cryptosystems not using random 
numbers with a cryptosystem in which a random number js used to create a ciphertext and is 
susceptible to recovery at ath® receiving end, wherein: 

a sending communication terminal includes: 

a padding conversion means for converting an input plaintext into a bit string with a 
prescribed length or less according to the padding scheme; 

a bit string conversion means for converting the bit string into a first bit string and a 
second bit string based on a prescribed conversion rule, the conversion rule being a map to map 
the bit string having a prescribed length or less to the element of the direct product of the set of 
the first bit strings and the set of the second bit strings and satisfying the following conditions: 
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the map is injective; the map and inverse map thereof are computable by a polynomial time; and 
the encryption function whose domain is the direct product is a one-way function; 

an encryption means for supplying an encryption function with the first bit string as data 
input and the second bit string as random number input to create a ciphertext; and 

a transmission means for transmitting the ciphertext to a receiving terminal; and 

the receiving communication terminal includes: 

a reception means for receiving the ciphertext from the sending communication terminal; 

a first decryption means for decrypting the received ciphertext to generate a first bit string 
according to a decryption scheme corresponding to the cryptosystem using random numbers; 

a random number recovery means for recovering a random number used for the 
encryption as a second bit string; 

a bit string inversion means for inverting the first bit string and the second bit string to a 
bit string with a prescribed length or less based on the inverse of the conversion rule; 

a padding inversion means for removing padding according to the padding scheme from 
the bit string with a prescribed length or less to retrieve the original plaintext; and 

a determination means for verifying the validity of the padding, and if the padding is 
valid, outputting the plaintext. 

20. (currently amended): A cryptographic communication system comprising 
communication terminals that perform cryptographic communication through a communication 
network using a padding scheme that ensures the security of cryptosystems not using random 
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numbers^ with a eryptosystem in which a random number isused to create a ciphertext and is 
susceptible to recovery at athe receiving end, wherein: 
a sending communication terminal includes: 

a first encryption means for randomly selecting a private key encryption key, and 
performs private key encryption for an input plaintext using the private key encryption key to 
create a first ciphertext; 

a padding conversion means for converting the private key encryption key into a bit 
string with a prescribed length or less according to the padding scheme; 

a bit string conversion means for converting the bit string into a first bit string and a 
second bit string based on a prescribed conversion rule, the conversion rule being a map to map 
the bit string having a prescribed length or less to the element of the direct product of the set of 
the first bit strings and the set of the second bit strings and satisfying the following conditions: 
the map is injective; the map and inverse map thereof are computable by a polynomial time; and 
the encryption function whose domain is the direct product is a one-way function; 

a second encryption means for supplying an encryption function with the first bit string as 
data input and the second bit string as random number input to create a second ciphertext; and 

a ciphertext output means for outputting the first ciphertext and the second ciphertext as a 
ciphertext; and 

a receiving communication terminal includes: 

a reception means for receiving the ciphertext from the sending communication terminal; 
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a first decryption means for decrypting the second ciphertext to generate a first bit string 
according to a decryption scheme corresponding to the cryptosystem using random numbers; 

a random number recovery means for recovering a random number used for the 
encryption as a second bit string; 

a bit string inversion means for inverting the first bit string and the second bit string to a 
bit string with a prescribed length or less based on the inverse of the conversion rule; 

a padding inversion means for removing padding according to the padding scheme from 
the bit string with a prescribed length or less to retrieve the original private key encryption key; 
and 

a second decryption means for verifying the validity of the padding, and if the padding is 
valid, decrypting the first ciphertext using the private key encryption key. 



14 



